Enigma Catalyst Hacked! Over $500,000 USD in Ethereum Stolen

A few weeks before its initial coin offering, the cryptocurrency investment platform Enigma Catalyst was hacked by an unknown group!

The ICO hackers are back, and this time, the decentralized platform Enigma Catalyst is their latest victim. According to reports, the company website and some of its social accounts were compromised. The cyber criminals were said to get away with over $500,000 USD worth of Ethereum.

Enigma, a startup digital currency investment platform was started by a group of MIT graduates headed by its CEO, Guy Zyskind. It was reported that Enigma Catalyst itself didn’t lose any money and that the stolen funds were taken from the people who joined the company’s mailing list and Slack group.

Pending its ICO in September, Enigma Catalyst was able to gather a pool of over 9,000 users in its Slack group.

So what really transpired?

The Enigma Catalyst Online Heist

According to the announcement posted on the official website of the company, an ‘unknown entity’ was able to infiltrate their website, slack group, and email newsletter accounts. The hackers also uploaded a fake pre-sale page with a fake Ethereum address (0x29D7d1dd5B6f9C864d9db560D72a247c178aE86B) to send money.

Upon checking with Etherscan.io, the fake address now has only $20.39 USD in Ethereum, with over $600,000 USD already moved to other accounts.

The perpetrators were able to spam their fake address in Enigma’s newsletter and slack accounts to advertise the pre-sale of coins, thus tricking community members to send virtual currencies to the hacker’s address.

Enigma Catalyst’s Fake Pre-Sale | thehackernews.com

The spam email seriously looks legitimate as shown in the screenshot below obtained from an Enigma Catalyst’s Slack group member.

Enigma Catalyst’s Spam E-mail | cryptoiskey | steemit.com

In a tweet sent by Enigma Catalyst through the company’s official Twitter account, they shared some information regarding the hacking incident.

“At this time, the Enigma team has retaken control of all compromised accounts, including the website. Some pages will remain deactivated for the time being while the team works. Please continue to be vigilant and check our communications across ALL channels. Do not send any money or personal information to anyone,” a part of the announcement read.

In a deleted blog post published in Medium a few days ago, the Enigma Catalysts team tried to educate their users on how to avoid phishers, scammers, spammers, and stay safe during a token sale. A portion of the post read:

“As we work hard to build the future of data and crypto trading and investing, we want to take a few moments to talk about safety. Due to our strong growth, our community has become a target. The worst elements of the crypto scene—scammers and phishers—are attracted to good projects and good communities.”

A spokesperson for the team confirmed that the dedicated website for the Enigma token sale was not affected by the heist since it resides on a separate and more secure server.

The hacking of Enigma Catalyst is said to be the fifth incident within two months and the third among a series of ICO sabotages, after Veritaseum and CoinDash in July. Right now, it is still unclear how the hackers were able to infiltrate Enigma’s network.

As of writing, there are still people sending Ethereum to the fake address, so we are encouraging everyone to share this story with family and friends.

Are cryptocurrency investment platforms too lax with their cyber security or hackers are just too smart nowadays? What do you think? Let us know in the comment section below!